510246 – plasmashell crash when connecting USB device after memory corruption

Bug 510246 - plasmashell crash when connecting USB device after memory corruption

Summary: plasmashell crash when connecting USB device after memory corruption

Status:	REPORTED

Alias:	None

Product:	plasmashell
Classification:	Plasma
Component:	Disks & Devices widget (other bugs)
Version First Reported In:	6.4.5
Platform:	openSUSE Linux

Importance:	NOR normal
Target Milestone:	1.0
Assignee:	Plasma Bugs List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2025-10-04 22:59 UTC by equeim
Modified:	2025-10-07 19:15 UTC (History)
CC List:	4 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description equeim 2025-10-04 22:59:08 UTC

SUMMARY
When I connected my Kobo Clara 2e reader (which acts like USB mass storage device I think) to my PC, Plasma crashed.

STEPS TO REPRODUCE
Connect a mass storage device? I wasn't able to reproduce it again.

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: openSUSE Tumbleweed
KDE Plasma Version: 6.4.5
KDE Frameworks Version: 6.18.0
Qt Version: 6.9.2

ADDITIONAL INFORMATION
There was following message from plasmashell in system log when it crashed:
malloc(): unaligned tcache chunk detected

Backtrace:
> Program terminated with signal SIGABRT, Aborted.
> #0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
> #1  0x00007f37ee09de33 in __pthread_kill_internal (threadid=<optimized out>, signo=6) at pthread_kill.c:89
> #2  0x00007f37ee0427b6 in __GI_raise (sig=6) at ../sysdeps/posix/raise.c:26
> #3  0x00007f37f170f390 in KCrash::defaultCrashHandler (sig=6) at /usr/src/debug/kcrash-6.18.0/src/kcrash.cpp:605
> #4  0x00007f37ee042910 in <signal handler called> () at /lib64/libc.so.6
> #5  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
> #6  0x00007f37ee09de33 in __pthread_kill_internal (threadid=<optimized out>, signo=6) at pthread_kill.c:89
> #7  0x00007f37ee0427b6 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
> #8  0x00007f37ee02934b in __GI_abort () at abort.c:77
> #9  0x00007f37ee02a3ad in __libc_message_impl (fmt=fmt@entry=0x7f37ee1be35d "%s\n") at ../sysdeps/posix/libc_fatal.c:138
> #10 0x00007f37ee0a8b77 in malloc_printerr (str=str@entry=0x7f37ee1c19d8 "malloc(): unaligned tcache chunk detected") at malloc.c:5879
> #11 0x00007f37ee0ad970 in tcache_get_n (tc_idx=<optimized out>, ep=<optimized out>, mangled=<optimized out>) at malloc.c:3209
> #12 tcache_get (tc_idx=<optimized out>) at malloc.c:3232
> #13 __GI___libc_malloc (bytes=<optimized out>) at malloc.c:3483
> #14 0x00007f37eeaed048 in allocateData (allocSize=<optimized out>) at /usr/src/debug/qtbase-everywhere-src-6.9.2/src/corelib/tools/qarraydata.cpp:139
> #15 allocateHelper (objectSize=<optimized out>, alignment=16, capacity=3, option=<optimized out>) at /usr/src/debug/qtbase-everywhere-src-6.9.2/src/corelib/tools/qarraydata.cpp:178
> #16 allocateHelper (objectSize=<optimized out>, alignment=16, capacity=<optimized out>, option=<optimized out>) at /usr/src/debug/qtbase-everywhere-src-6.9.2/src/corelib/tools/qarraydata.cpp:154
> #17 QArrayData::allocate (dptr=0x7fff6f640ce0, objectSize=<optimized out>, alignment=16, capacity=<optimized out>, option=<optimized out>) at /usr/src/debug/qtbase-everywhere-src-6.9.2/src/corelib/tools/qarraydata.cpp:198
> #18 0x00007f37eeac56ed in QTypedArrayData<QStringView>::allocate (capacity=1, option=QArrayData::Grow) at /usr/src/debug/qtbase-everywhere-src-6.9.2/src/corelib/tools/qarraydata.h:141
> #19 QArrayDataPointer<QStringView>::allocateGrow (from=..., n=1, position=QArrayData::GrowsAtEnd) at /usr/src/debug/qtbase-everywhere-src-6.9.2/src/corelib/tools/qarraydatapointer.h:492
> #20 QArrayDataPointer<QStringView>::reallocateAndGrow(QArrayData::GrowthPosition, long long, QArrayDataPointer<QStringView>*) [clone .constprop.0] (this=0x7fff6f640e00, where=<optimized out>, n=1, old=0x0)
>     at /usr/src/debug/qtbase-everywhere-src-6.9.2/src/corelib/tools/qarraydatapointer.h:228
> #21 0x00007f37eeab3d09 in QArrayDataPointer<QStringView>::detachAndGrow (n=<optimized out>, data=<optimized out>, old=<optimized out>, this=<optimized out>, where=<optimized out>)
>     at /usr/src/debug/qtbase-everywhere-src-6.9.2/src/corelib/tools/qarraydatapointer.h:209
> #22 QtPrivate::QPodArrayOps<QStringView>::emplace<QStringView> (this=0x7fff6f640e00, i=0) at /usr/src/debug/qtbase-everywhere-src-6.9.2/src/corelib/tools/qarraydataops.h:163
> #23 QList<QStringView>::emplaceBack<QStringView> (this=0x7fff6f640e00) at /usr/src/debug/qtbase-everywhere-src-6.9.2/src/corelib/tools/qlist.h:915
> #24 QList<QStringView>::append (this=0x7fff6f640e00, t=<optimized out>) at /usr/src/debug/qtbase-everywhere-src-6.9.2/src/corelib/tools/qlist.h:496
> #25 (anonymous namespace)::splitString<QList<QStringView>, QStringView> (source=<optimized out>, sep=..., behavior=..., cs=<optimized out>) at /usr/src/debug/qtbase-everywhere-src-6.9.2/src/corelib/text/qstring.cpp:8255
> #26 QStringView::split (this=this@entry=0x7fff6f640df0, sep=..., behavior=..., cs=cs@entry=Qt::CaseSensitive) at /usr/src/debug/qtbase-everywhere-src-6.9.2/src/corelib/text/qstring.cpp:8329
> #27 0x00007f37eeab4b4d in QStringView::split (this=this@entry=0x7fff6f640df0, sep=..., behavior=..., behavior@entry=..., cs=cs@entry=Qt::CaseSensitive) at /usr/src/debug/qtbase-everywhere-src-6.9.2/src/corelib/text/qstringview.h:119
> #28 0x00007f37efa2591b in QDBusUtil::isValidInterfaceName (ifaceName=<optimized out>) at /usr/src/debug/qtbase-everywhere-src-6.9.2/src/dbus/qdbusutil.cpp:346
> #29 0x00007f37ef9c23cf in QDBusUtil::checkInterfaceName(QString const&, QDBusUtil::AllowEmptyFlag, QDBusError*) [clone .constprop.0] (name=..., error=error@entry=0x7fff6f641290, empty=QDBusUtil::EmptyAllowed)
>     at /usr/src/debug/qtbase-everywhere-src-6.9.2/src/dbus/qdbusutil_p.h:70
> #30 0x00007f37efa0359c in QDBusMessagePrivate::toDBusMessage(QDBusMessage const&, QFlags<QDBusConnection::ConnectionCapability>, QDBusError*) [clone .isra.0] (capabilities=..., error=error@entry=0x7fff6f641290, message=<optimized out>)
>     at /usr/src/debug/qtbase-everywhere-src-6.9.2/src/dbus/qdbusmessage.cpp:120
> #31 0x00007f37ef9e9dcf in QDBusConnectionPrivate::sendWithReplyAsync (this=0x7f37e400ca50, message=..., receiver=<optimized out>, returnMethod=<optimized out>, errorMethod=<optimized out>, timeout=<optimized out>)
>     at /usr/src/debug/qtbase-everywhere-src-6.9.2/src/corelib/global/qflags.h:77
> #32 0x00007f37ef9cd1a9 in QDBusConnection::asyncCall (this=this@entry=0x7fff6f641510, message=..., timeout=timeout@entry=-1) at /usr/src/debug/qtbase-everywhere-src-6.9.2/src/dbus/qdbusconnection.cpp:445
> #33 0x00007f37f16b50df in Solid::Backends::UDisks2::Block::Block
>     (this=this@entry=0x563a11dbed90, __vtt_parm=__vtt_parm@entry=0x7f37f16f8040 <VTT for Solid::Backends::UDisks2::StorageDrive+8>, dev=0x563a0cc48fa0, this=<optimized out>, __vtt_parm=<optimized out>, dev=<optimized out>)
>     at /usr/src/debug/solid-6.18.0/src/solid/devices/backends/udisks2/udisksblock.cpp:39
> #34 0x00007f37f16b679d in Solid::Backends::UDisks2::StorageDrive::StorageDrive (this=0x563a11dbed90, dev=<optimized out>, this=<optimized out>, dev=<optimized out>)
>     at /usr/src/debug/solid-6.18.0/src/solid/devices/backends/udisks2/udisksstoragedrive.cpp:15
> #35 0x00007f37f16a4be8 in Solid::Backends::UDisks2::Device::createDeviceInterface (this=0x563a0cc48fa0, type=<optimized out>) at /usr/src/debug/solid-6.18.0/src/solid/devices/backends/udisks2/udisksdevice.cpp:185
> #36 0x00007f37f164c51a in Solid::Device::asDeviceInterface (this=this@entry=0x7fff6f641788, type=@0x7fff6f6417e0: Solid::DeviceInterface::StorageDrive, type@entry=@0x7fff6f6417e0: <optimized out>)
>     at /usr/src/debug/solid-6.18.0/src/solid/devices/frontend/device.cpp:143
> #37 0x00007f37f164d285 in Solid::Device::asDeviceInterface (this=this@entry=0x7fff6f641788, type=@0x7fff6f6417e0: Solid::DeviceInterface::StorageDrive) at /usr/src/debug/solid-6.18.0/src/solid/devices/frontend/device.cpp:128
> #38 0x00007f37475b7ce1 in Solid::Device::as<Solid::StorageDrive> (this=0x7fff6f641788) at /usr/include/KF6/Solid/solid/device.h:233
> #39 DeviceControl::onDeviceAdded (this=0x563a0e53e8c0, udi=...) at /usr/src/debug/plasma-workspace-6.4.5/applets/devicenotifier/plugin/devicecontrol.cpp:177
> #40 0x00007f37eea308b4 in QtPrivate::QSlotObjectBase::call (this=0x563a0e644440, r=<optimized out>, a=0x7fff6f641920, this=<optimized out>, r=<optimized out>, a=<optimized out>)
>     at /usr/src/debug/qtbase-everywhere-src-6.9.2/src/corelib/kernel/qobjectdefs_impl.h:461
> #41 doActivate<false> (sender=0x563a0d0bc8a0, signal_index=3, argv=0x7fff6f641920) at /usr/src/debug/qtbase-everywhere-src-6.9.2/src/corelib/kernel/qobject.cpp:4157
> #42 0x00007f37f1649b87 in QMetaObject::activate<void, QString> (sender=<optimized out>, mo=0x7f37f16f94a0 <Solid::DeviceNotifier::staticMetaObject>, local_signal_index=0, ret=0x0) at /usr/include/qt6/QtCore/qobjectdefs.h:306
> #43 Solid::DeviceNotifier::deviceAdded (this=<optimized out>, _t1=<optimized out>) at /usr/src/debug/solid-6.18.0/build/src/solid/KF6Solid_autogen/include/moc_devicenotifier.cpp:127
> #44 0x00007f37eea308b4 in QtPrivate::QSlotObjectBase::call (this=0x563a0d2df7f0, r=<optimized out>, a=0x7fff6f641b60, this=<optimized out>, r=<optimized out>, a=<optimized out>)
>     at /usr/src/debug/qtbase-everywhere-src-6.9.2/src/corelib/kernel/qobjectdefs_impl.h:461
> #45 doActivate<false> (sender=0x563a0d2df950, signal_index=3, argv=0x7fff6f641b60) at /usr/src/debug/qtbase-everywhere-src-6.9.2/src/corelib/kernel/qobject.cpp:4157
> #46 0x00007f37f1699bf6 in QMetaObject::activate<void, QString> (sender=0x563a0d2df950, mo=<optimized out>, local_signal_index=0, ret=0x0) at /usr/include/qt6/QtCore/qobjectdefs.h:306
> #47 Solid::Ifaces::DeviceManager::deviceAdded (this=0x563a0d2df950, _t1=...) at /usr/src/debug/solid-6.18.0/build/src/solid/KF6Solid_autogen/include/moc_devicemanager.cpp:127
> #48 Solid::Backends::UDisks2::Manager::slotInterfacesAdded (this=0x563a0d2df950, object_path=<optimized out>, interfaces_and_properties=...) at /usr/src/debug/solid-6.18.0/src/solid/devices/backends/udisks2/udisksmanager.cpp:207
> #49 0x00007f37eea30cde in doActivate<false> (sender=0x563a0d2df968, signal_index=3, argv=0x7fff6f641cf0) at /usr/src/debug/qtbase-everywhere-src-6.9.2/src/corelib/kernel/qobject.cpp:4169
> #50 0x00007f37f16b9e7e in QMetaObject::activate<void, QDBusObjectPath, QMap<QString, QMap<QString, QVariant> > > (sender=0x563a0d2df968, mo=0x7f37f17010c0 <OrgFreedesktopDBusObjectManagerInterface::staticMetaObject>, local_signal_index=0, ret=0x0)
>     at /usr/include/qt6/QtCore/qobjectdefs.h:306
> #51 OrgFreedesktopDBusObjectManagerInterface::InterfacesAdded (this=0x563a0d2df968, _t1=<optimized out>, _t2=<optimized out>) at /usr/src/debug/solid-6.18.0/build/src/solid/KF6Solid_autogen/include/moc_manager.cpp:158
> #52 OrgFreedesktopDBusObjectManagerInterface::qt_static_metacall (_o=_o@entry=0x563a0d2df968, _c=_c@entry=QMetaObject::InvokeMetaMethod, _id=_id@entry=0, _a=_a@entry=0x7fff6f641e78)
>     at /usr/src/debug/solid-6.18.0/build/src/solid/KF6Solid_autogen/include/moc_manager.cpp:88
> #53 0x00007f37f16bf453 in OrgFreedesktopDBusObjectManagerInterface::qt_metacall (this=0x563a0d2df968, _c=QMetaObject::InvokeMetaMethod, _id=0, _a=0x7fff6f641e78)
>     at /usr/src/debug/solid-6.18.0/build/src/solid/KF6Solid_autogen/include/moc_manager.cpp:144
> #54 0x00007f37ef9dcef7 in QDBusConnectionPrivate::deliverCall (this=0x7f37e400ca50, object=0x563a0d2df968, msg=..., metaTypes=<optimized out>, slotIdx=5) at /usr/src/debug/qtbase-everywhere-src-6.9.2/src/dbus/qdbusintegrator.cpp:1008
> #55 0x00007f37eea1d9d4 in QObject::event (this=<optimized out>, e=<optimized out>) at /usr/src/debug/qtbase-everywhere-src-6.9.2/src/corelib/kernel/qobject.cpp:1432
> #56 0x00007f37f0de51c8 in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x563a0d2df968, e=0x7f37e41f8f40) at /usr/src/debug/qtbase-everywhere-src-6.9.2/src/widgets/kernel/qapplication.cpp:3300
> #57 0x00007f37ee9c9138 in QCoreApplication::notifyInternal2 (receiver=0x563a0d2df968, event=0x7f37e41f8f40) at /usr/src/debug/qtbase-everywhere-src-6.9.2/src/corelib/kernel/qcoreapplication.cpp:1106
> #58 0x00007f37ee9c917d in QCoreApplication::sendEvent (receiver=<optimized out>, event=<optimized out>) at /usr/src/debug/qtbase-everywhere-src-6.9.2/src/corelib/kernel/qcoreapplication.cpp:1546
> #59 0x00007f37ee9cb567 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x563a0be1a9a0) at /usr/src/debug/qtbase-everywhere-src-6.9.2/src/corelib/kernel/qcoreapplication.cpp:1891
> #60 0x00007f37eec7fc17 in postEventSourceDispatch (s=s@entry=0x563a0be25f20) at /usr/src/debug/qtbase-everywhere-src-6.9.2/src/corelib/kernel/qeventdispatcher_glib.cpp:246
> #61 0x00007f37ed31e776 in g_main_dispatch (context=0x7f37e4000f50) at ../glib/gmain.c:3565
> #62 g_main_context_dispatch_unlocked (context=context@entry=0x7f37e4000f50) at ../glib/gmain.c:4425
> #63 0x00007f37ed321668 in g_main_context_iterate_unlocked (context=context@entry=0x7f37e4000f50, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4490
> #64 0x00007f37ed321eac in g_main_context_iteration (context=0x7f37e4000f50, may_block=1) at ../glib/gmain.c:4556
> #65 0x00007f37eec7d868 in QEventDispatcherGlib::processEvents (this=0x563a0be26690, flags=...) at /usr/src/debug/qtbase-everywhere-src-6.9.2/src/corelib/kernel/qeventdispatcher_glib.cpp:399
> #66 0x00007f37ee9d6ab3 in QEventLoop::exec (this=0x7fff6f642440, flags=...) at /usr/src/debug/qtbase-everywhere-src-6.9.2/src/corelib/global/qflags.h:77
> #67 0x00007f37ee9cda63 in QCoreApplication::exec () at /usr/src/debug/qtbase-everywhere-src-6.9.2/src/corelib/kernel/qcoreapplication.cpp:1449
> #68 0x00007f37ef221250 in QGuiApplication::exec () at /usr/src/debug/qtbase-everywhere-src-6.9.2/src/gui/kernel/qguiapplication.cpp:1986
> #69 0x00007f37f0ddff29 in QApplication::exec () at /usr/src/debug/qtbase-everywhere-src-6.9.2/src/widgets/kernel/qapplication.cpp:2567
> #70 0x00005639de6e1275 in main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/plasma-workspace-6.4.5/shell/main.cpp:188

Comment 1 equeim 2025-10-04 23:03:59 UTC

It looks like a bug in Qt though. The crash happens in QDBusConnection::asyncCall and it doesn't look like Solid does anything funny with it.

Comment 2 equeim 2025-10-04 23:08:55 UTC

(In reply to equeim from comment #1)
> It looks like a bug in Qt though. The crash happens in
> QDBusConnection::asyncCall and it doesn't look like Solid does anything
> funny with it.

Although Plasma probably shouldn't work with Solid on the main thread, since it looks that it involves blocking D-Bus calls. I don't think it's related to this crash however.

Comment 3 David Redondo 2025-10-06 13:11:07 UTC

"malloc(): unaligned tcache chunk detected"

some memory corruption happened

Comment 4 Nate Graham 2025-10-07 19:14:55 UTC

Looks like most of the action happened in Solid.